Veritas NetBackup™ Appliance Security Guide
- About the NetBackup appliance Security Guide
- User authentication
- About user authentication on the NetBackup appliance
- About configuring user authentication
- About user name and password specifications
- User authorization
- Intrusion prevention and intrusion detection systems
- Log files
- Operating system security
- Data security
- Web security
- Network security
- Call Home security
- About AutoSupport
- About Call Home
- About SNMP
- Remote Management Module (RMM) I security
- STIG and FIPS conformance
- Appendix A. Security release content
About the NetBackup appliance intrusion prevention system
The appliance intrusion prevention system (IPS) consists of a custom Symantec Data Center Security (SDCS) policy that runs automatically at startup. The IPS policy is an in-line policy that can proactively block unwanted resource access behaviors before they can be acted upon by the operating system.
The following list contains some of the IPS policy features:
Real-time tight confinement of the appliance operating system processes and common applications, such as the following:
nscd - which caches DNS requests to cut down on remote DNS lookups.
rpcd for NFS
Self-Protection for the SDCS agent itself to ensure that the security features and monitoring features of SDCS are not compromised.
Lock-down of access to system binaries, except by identified and trusted applications, users, and user groups.
Confinements that protect the system from the applications that try to install software, such as sbin) or change system configuration settings, such as
Prohibits applications from executing critical system calls such as mknod, modctl, link, mount, and so on.
Prohibits unauthorized users or applications from accessing backup data, such as
/opt/NBUAppliance/db/config/data, and so on.
Restricted access to the root account by maintenance user.